fenced-frame
psl-problems | fenced-frame | |
---|---|---|
4 | 3 | |
102 | 117 | |
- | 2.6% | |
0.0 | 8.0 | |
over 4 years ago | 5 days ago | |
Bikeshed | ||
- | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
psl-problems
-
See this page fetch itself, byte by byte, over TLS
Ryan Sleevi has written about this before on Hacker News, and here's his list: https://github.com/sleevi/psl-problems
It's definitely possible that Ryan would consider using this for HN a reasonable choice, because it's mostly cosmetic, but in general you should just not add more dependencies.
- Public Suffix List Problems
-
Public Suffix List
Before you begin to make use of the PSL, consider some of its problems: https://github.com/sleevi/psl-problems
FWIW, the link above successfully convinced me and a coworker not to use the PSL.
-
W3C slaps down Google's proposal to treat multiple domains as same origin
(googler here, but this is my opinion)
I think there's a big abstraction gap between what we use domains for and what they were supposed to be used for, in a way that we shouldn't assume any ownership only based on the domain itself.
For instance you can have a number of sites that use separate domains but are owned by the same entity (N domains for 1 party). You could also have the same base domain being used for several unrelated parties, think hosting a store on Shopify (1 domain for N parties). This is so ambiguous that even inside the browser you have two different implementations on the way you handle this attribution, one for cookies and one for Single-Origin Policy.
There's a good write-up about this problem at https://github.com/sleevi/psl-problems. Sometimes I wonder how the web got here with the amount of kludge that we have to carry.
fenced-frame
- Fenced Frames Element
-
Public Suffix List Problems
Yes, that's a known problem. The only proposed solution I've seen so far is Fenced Frames (https://github.com/shivanigithub/fenced-frame).
I don't know if that would even work in your use case, as it's still very limited.
-
Google Chrome Privacy / Fenced Iframes / 3rd party verification vendors
The idea of Fenced Frames is that what is inside can't touch the outside and vice versa; think of it like a more severe version of Sandbox that doesn't impact interactivity with the frame. So some of the problems that have to be addressed with the future of privacy proposal def include IVT, viewability and brand safety measurement, which often occurs with scripts crawling out of the frame. The proposal goes into some use cases: https://github.com/shivanigithub/fenced-frame
What are some alternatives?
first-party-sets
list - The Public Suffix List
standards-positions
sansio-tld-parser - A top level domain parser with no builtin io.
subtls - A proof-of-concept TypeScript TLS 1.3 client